import jwt from "jsonwebtoken";
// Key handed to jwt.verify() by the verifyToken middleware in this file.
// NOTE(review): this is a placeholder literal committed to source. Anyone who
// can read the file knows the verification key, so tokens it accepts cannot be
// treated as proof of identity. Load the value from deployment configuration
// or a secret store instead, and keep it identical to the key the token issuer
// signs with (the issuing code is not visible here — confirm before changing).
const SECRET_KEY = "your_secret_key";

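/**
 * Express-style middleware that authenticates a request from its
 * `Authorization: Bearer <token>` header.
 *
 * On success the decoded JWT payload is stored on `req.user` and `next()` is
 * called. On any failure a 401 JSON body `{ code: 1, msg }` is sent and
 * `next()` is not called.
 *
 * @param {object} req - Request; reads `req.headers.authorization`, writes `req.user`.
 * @param {object} res - Response; used only for `status(401).json(...)`.
 * @param {Function} next - Invoked with no arguments once the token verifies.
 * @returns {*} The result of `res.json(...)` on an early rejection, otherwise undefined.
 */
const verifyToken = (req, res, next) => {
  const authHeader = req.headers.authorization;
  if (typeof authHeader !== "string" || !authHeader)
    return res.status(401).json({ code: 1, msg: "未授权，缺少 token" });

  // Expected shape: "Bearer <token>". The scheme name is matched
  // case-insensitively; any other scheme, or a header with no token part, is
  // rejected here instead of being passed on to the JWT library.
  const [scheme, token] = authHeader.split(" ");
  if (scheme.toLowerCase() !== "bearer" || !token)
    return res.status(401).json({ code: 1, msg: "未授权，缺少 token" });

  // NOTE(review): no `algorithms` option is passed, so the library's default
  // allow-list for this key type applies. Pinning it to the single algorithm
  // the issuer signs with would be tighter — confirm against the signing code,
  // which is not visible here.
  jwt.verify(token, SECRET_KEY, (err, decoded) => {
    if (err)
      return res.status(401).json({ code: 1, msg: "token 无效或已过期" });

    // Downstream handlers read the verified claims from req.user.
    req.user = decoded;
    next();
  });
};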

export default verifyToken;
